Dan’s take is that enterprises are targeting both internal users and customers with smartphone applications for platforms such as Apple iPhone and Google Android.
The problem is that many of these applications are constructed without fully considering the associated security implications of their deployment.
Breaches can impact both users as well as the enterprise distributing the application as attackers take advantage of expanded access to sensitive data and network services.
Threat Modeling is an established practice used to identify potential security issues before starting development and holds promise for organizations developing leading-edge smartphone applications.
Listen to what Dan has to say about the emerging threats associated with deploying smartphone applications and provides an overview of the Threat Modeling process.